Ed Moltzen

The Chart

February 10, 2008

Hon Lau, a senior security response manager for Symantec, addresses the latest security exploit and patch to compromise the Adobe PDF format and is asking this question:

With more and more of these attacks happening, how much longer will it be before people implicitly attach a higher risk association to PDF files and avoid them altogether?

As Stefanie Hoffman reports, though, it's not just Adobe's PDF:

All in all, security experts say that it hasn't been a great week for Windows users. In the past few days, security updates have been issued for several popular programs, including Sun Java 1.5, Apple Quicktime Player, and Skype, in addition to Adobe Reader.

Lau does explain, in some detail, why the experts at Symantec think the Adobe PDF platform is a particular concern now.

"From our viewpoint, it appears that this PDF based attack has been quite successful affecting many thousands of users throughout the world," Lau wrote. "At this time, we do not have specific information about how exactly the PDF file is being delivered to victims, the tell tale sign of a successful exploit is the presence of a fresh Trojan.Zonebac infection. If previous similar attacks are anything to go by, the most likely attack scenarios could be one or all of the following:

" Compromised advertisements appearing on legitimate Web sites, which redirect browser to malicious PDF file.

" Compromised Web pages containing IFRAME or JavaScript that redirects browsers to the malicious PDF file.

" Spam emails containing social engineering to trick users into opening the PDF file or links to the file."

Even by Lau's own most likely scenarios, malicious PDF exploiters would also need to rely on weaknesses in other delivery systems - - from web sites to email - to do their damage. And it's unlikely people will avoid all of those altogether (not to mention Quicktime, Skype and the other apps that have been used in attacks.)